Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
API Validation XML Schemas do not forbid file system access (XXE) #1021
Just found a potential XXE vulnerability in vertx-web as show below, it seems function
Follow the OWASP guide below which provides concise information to prevent this vulnerability. https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#Java
added a commit
Sep 28, 2018
This issue is not affected by user/application input, but only by badly crafted application configuration. Users using the api contracts module with the default settings are not affected, only if explicitly enabled the XML validation and provided a malicious XSD as input.